gosec: Fix violations of G301 (#14980)

* gosec: Fix violations of G301 * Changelog fragment
prysmaticlabs · Feb 24, 2025 · 09499a7 · 09499a7
1 parent 2ee0154
commit 09499a7
Show file tree

Hide file tree

Showing 5 changed files with 8 additions and 5 deletions.
diff --git a/changelog/pvl_g301.md b/changelog/pvl_g301.md
@@ -0,0 +1,3 @@
+### Fixed
+
+- Fixed violations of gosec G301. This is a check that created files and directories have file permissions 0750 and 0600 respectively.
diff --git a/cmd/prysmctl/testnet/generate_genesis.go b/cmd/prysmctl/testnet/generate_genesis.go
@@ -288,7 +288,7 @@ func generateGenesis(ctx context.Context) (state.BeaconState, error) {
 		if err != nil {
 			return nil, err
 		}
-		if err := os.WriteFile(f.GethGenesisJsonOut, gbytes, os.ModePerm); err != nil {
+		if err := os.WriteFile(f.GethGenesisJsonOut, gbytes, 0600); err != nil {
 			return nil, errors.Wrapf(err, "failed to write %s", f.GethGenesisJsonOut)
 		}
 	}

diff --git a/testing/endtoend/helpers/helpers.go b/testing/endtoend/helpers/helpers.go
@@ -196,7 +196,7 @@ random:
   - "Takoyaki"
 `)
 	f := filepath.Join(testDir, "graffiti.yaml")
-	if err := os.WriteFile(f, b, os.ModePerm); err != nil {
+	if err := os.WriteFile(f, b, 0600); err != nil {
 		return "", err
 	}
 	return f, nil

diff --git a/tools/analyzers/properpermissions/testdata/regular_imports.go b/tools/analyzers/properpermissions/testdata/regular_imports.go
@@ -20,7 +20,7 @@ func tempDir() string {
 func UseOsMkdirAllAndWriteFile() {
 	randPath, _ := rand.Int(rand.Reader, big.NewInt(1000000))
 	p := filepath.Join(tempDir(), fmt.Sprintf("/%d", randPath))
-	_ = os.MkdirAll(p, os.ModePerm) // want "os and ioutil dir and file writing functions are not permissions-safe, use shared/file"
+	_ = os.MkdirAll(p, 0750) // want "os and ioutil dir and file writing functions are not permissions-safe, use shared/file"
 	someFile := filepath.Join(p, "some.txt")
-	_ = os.WriteFile(someFile, []byte("hello"), os.ModePerm) // want "os and ioutil dir and file writing functions are not permissions-safe, use shared/file"
+	_ = os.WriteFile(someFile, []byte("hello"), 0600) // want "os and ioutil dir and file writing functions are not permissions-safe, use shared/file"
 }
diff --git a/tools/specs-checker/download.go b/tools/specs-checker/download.go
@@ -78,5 +78,5 @@ func getAndSaveFile(specDocUrl, outFilePath string) error {
 }
 
 func prepareDir(dirPath string) error {
-	return os.MkdirAll(dirPath, os.ModePerm)
+	return os.MkdirAll(dirPath, 0750)
 }
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		### Fixed

		- Fixed violations of gosec G301. This is a check that created files and directories have file permissions 0750 and 0600 respectively.